Posts Tagged ‘laptop theft’

Don’t let differing authority levels damage info sec, privacy & compliance collaboration

Thursday, March 26th, 2009

I first realized the need for information security and legal compliance areas to closely collaborate on converging issues in the mid-1990’s while establishing the information security and privacy requirements for one of the first online banks. Over the past 5+ years I’ve been actively evangelizing through my 2-day classes, conference and meeting speeches, and many articles and other publications about the need for information security, privacy and legal compliance areas to collaborate, and pointing out the areas where these responsibilities converge.

(more…)

Employee Suing Starbucks For Poor Security & Laptop Theft

Tuesday, February 24th, 2009

Here’s an interesting progression in how to address the growing data breaches that occur largely from ignored, overlooked, and/or inadequate security practices…

(more…)

Tell Personnel How to Protect Mobile Computing Devices and Storage Media

Tuesday, June 24th, 2008

You can’t expect your personnel to know how to safeguard information and computing devices if you do not tell them *HOW* to safeguard them!
Humans are not born with an inherent instinct to automatically safeguard information assets. In fact, some folks seem to be born with a pre-disposition to fling caution to the wind when it comes to protecting information. Why else would someone drink three tall beers while working alone in a busy airport bar/restaurant and then leave their laptop completely unsecured on the table top to go somewhere else down the hallway out of sight for 30 minutes? (Saw this on a recent trip.) Yes, I know the alcohol had some impact on their decision-making, but think about all the folks in your organization who have a tendency to do risky activities even without the influence of alcohol.
The fourth section from the second article in the June issue of my “IT Compliance in Realtime Journal” discusses why all organizations must provid training and ongoing awareness communications to their personnel for how to protect mobile computing devices.
You cannot expect your personnel to know how to safeguard information and mobile computers if you do not provide them with training and ongoing awareness for how to do it! Deja vu…did I already say this? You bet; and I’ll probably say it a few million times more in my lifetime because it is so important, yet so seldom considered!
Here’s an unformatted version; you can download a much nicer PDF version of it with the entire June Journal

(more…)

Make Your Personnel Aware Of Mobile Computing Security Requirements

Monday, June 23rd, 2008

If you don’t encrypt sensitive and personally identifiable information (PII) on mobile computers, you are at very high risk of having that information breached. It seems that laptops practically scream “Take me!” to any potential swindler who happens to pass by. Yet one more in the daily news reports about mobile computer thefts provides a good example of this; “World’s Largest Telco Admits – We Didn’t Encrypt Laptop Data
The third section from the June issue of my “IT Compliance in Realtime Journal” discusses why all organizations that use mobile computing devices for business purposes must ensure their personnel know and understand how to use mobile computers in a secure manner. You cannot expect your personnel to know how to safeguard information and mobile computers if you do not provide them with training and ongoing awareness for how to do it!
Here’s an unformatted version; you can download a much nicer PDF version of it with the entire June Journal…

(more…)

Six Ways Organizations Can Lessen Mobile Computing Risks

Friday, June 20th, 2008

Geesh, every single day there is at least one news report about a stolen or lost mobile (laptop, notebook, PDA, Blackberry, etc.) computer! Today one of the reports was about a laptop computer, containing cleartext information about 11,000 hospital patients, that was stolen from a doctor’s home in Staffordshire, U.K.
A couple of days ago I posted the first section from the second article in my “IT Compliance in Realtime” journal issue for June.
Here’s the second section from that article…

(more…)

Mobile Computing Security Problems Exist Throughout the World

Wednesday, June 18th, 2008

Every day, literally, I read news reports about lost or stolen laptops. Today is no exception. The news report, “A Misconfigured Laptop, a Wrecked Life,” chronicles how one man had his first work laptop stolen, and then he was fired when the second work laptop he was issued as a replacement was found to have pornography on it…either it was pre-loaded when he got it, or lack of prevention software allowed someone to remotely load it on his computer while he was online.

(more…)

Yet Another Stolen Laptop With Clear Text Patient PII

Tuesday, March 25th, 2008

Yet another in a long procession of laptop thefs, “Stolen laptop contains personal info of 2,500 patients“.
Here are the first few paragraphs…

(more…)

Trending Towards More Business Applied Employee Sanctions For Security Incidents

Monday, October 15th, 2007

I’ve been noticing lately more and more organizations sanctioning their employees for not following information security policies. I first blogged about it recently on September 24 about a hospital actively enforcing sanctions for HIPAA violations, then again on October 10 about another hospital sanctioning employees for noncompliance, then again on October 11, and then again just yesterday.

(more…)

Laptop Theft: Financial Company Given $1.9 Million Penalty Following Incident for Inadequate Security Program

Tuesday, February 20th, 2007

For the first time, the United Kingdom financial regulators, the U.K. Financial Services Authority (FSA), gave a financial institution, the Nationwide Building Society, the U.K.’s largest “building society” (a member-owned mortgage lending and banking services institution) a penalty for poor data security, issuing a ¬£980,000 ($1.9 million) fine based on their response to the 2006 theft of a laptop computer containing sensitive customer data according to a February 14 notice from the FSA.

(more…)

Privacy Breach: FBI Loses Laptops Each Month Despite 2002 Audit Telling Them To Improve Practices

Monday, February 12th, 2007

Today the U.S. Department of Justice (DOJ) released the “The Federal Bureau of Investigation’s Control Over Weapons and Laptop Computers Follow-Up Audit” report.
As you can tell by my post title, this should be a very embarrassing report for the FBI.

(more…)